—

MAL-2026-5090

Malicious code in neuralforge-ml (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (c0a68c3ef2f7680eab753f62cc1792ae7df68bb15400e09971cc9c34a444307b) The package contains stub code only imitating real actions. Starting with version 0.9.9, the code contains exfiltration capability activated under specific conditions.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-neuralforge-ml

Reasons (based on the campaign):

- exfiltration-env-variables

- obfuscation

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / neuralforge-ml

No fixed version published yet for neuralforge-ml (pip). Pin to a known-safe version or switch to an alternative.

References

https://bad-packages.kam193.eu/pypi/package/neuralforge-ml [WEB]